CVE-2017-1000251
HIGHCVSS 8/10EPSS 16.18%
Last modified
CVE-2017-1000251 is a high-severity vulnerability rated 8/10 on the CVSS scale. The native Bluetooth stack in the Linux Kernel (BlueZ), starting at the Linux kernel version 2.6.32 and up to and including 4.13.1, are vulnerable to a stack overflow vulnerability in the processing of L2CAP configuration responses resulting in Remote code execution in kernel space.. EPSS estimates a 16.18% chance of exploitation in the next 30 days.
Description
The native Bluetooth stack in the Linux Kernel (BlueZ), starting at the Linux kernel version 2.6.32 and up to and including 4.13.1, are vulnerable to a stack overflow vulnerability in the processing of L2CAP configuration responses resulting in Remote code execution in kernel space.
Metrics
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Linux | Linux Kernel | >= 2.6.32, < 3.2.94 |
| Linux | Linux Kernel | >= 3.3, < 3.16.49 |
| Linux | Linux Kernel | >= 3.17, < 3.18.71 |
| Linux | Linux Kernel | >= 3.19, < 4.1.45 |
| Linux | Linux Kernel | >= 4.2, < 4.4.88 |
| Linux | Linux Kernel | >= 4.5, < 4.9.50 |
| Linux | Linux Kernel | >= 4.10, < 4.12.13 |
| Linux | Linux Kernel | >= 4.13, < 4.13.2 |
| Debian | Debian Linux | 8.0 |
| Debian | Debian Linux | 9.0 |
| Nvidia | Jetson Tk1 | r21 |
| Nvidia | Jetson Tk1 | r24 |
| Nvidia | Jetson Tx1 | r21 |
| Nvidia | Jetson Tx1 | r24 |
| Redhat | Enterprise Linux Desktop | 6.0 |
| Redhat | Enterprise Linux Desktop | 7.0 |
| Redhat | Enterprise Linux Server | 6.0 |
| Redhat | Enterprise Linux Server | 7.0 |
| Redhat | Enterprise Linux Server Aus | 6.2 |
| Redhat | Enterprise Linux Server Aus | 6.4 |
| Redhat | Enterprise Linux Server Aus | 6.6 |
| Redhat | Enterprise Linux Server Aus | 7.2 |
| Redhat | Enterprise Linux Server Aus | 7.3 |
| Redhat | Enterprise Linux Server Aus | 7.4 |
| Redhat | Enterprise Linux Server Aus | 7.6 |
| Redhat | Enterprise Linux Server Aus | 7.7 |
| Redhat | Enterprise Linux Server Eus | 6.7 |
| Redhat | Enterprise Linux Server Eus | 7.2 |
| Redhat | Enterprise Linux Server Eus | 7.3 |
| Redhat | Enterprise Linux Server Eus | 7.4 |
| Redhat | Enterprise Linux Server Eus | 7.5 |
| Redhat | Enterprise Linux Server Eus | 7.6 |
| Redhat | Enterprise Linux Server Eus | 7.7 |
| Redhat | Enterprise Linux Server Tus | 6.5 |
| Redhat | Enterprise Linux Server Tus | 6.6 |
| Redhat | Enterprise Linux Server Tus | 7.2 |
| Redhat | Enterprise Linux Server Tus | 7.3 |
| Redhat | Enterprise Linux Server Tus | 7.4 |
| Redhat | Enterprise Linux Server Tus | 7.6 |
| Redhat | Enterprise Linux Server Tus | 7.7 |
| Redhat | Enterprise Linux Workstation | 6.0 |
| Redhat | Enterprise Linux Workstation | 7.0 |
References
- http://nvidia.custhelp.com/app/answers/detail/a_id/4561Third Party Advisory
- http://www.debian.org/security/2017/dsa-3981Third Party Advisory
- http://www.securityfocus.com/bid/100809Patch, Third Party Advisory, VDB Entry
- http://www.securitytracker.com/id/1039373Third Party Advisory, VDB Entry
- https://access.redhat.com/errata/RHSA-2017:2679Third Party Advisory
- https://access.redhat.com/errata/RHSA-2017:2680Third Party Advisory
- https://access.redhat.com/errata/RHSA-2017:2681Third Party Advisory
- https://access.redhat.com/errata/RHSA-2017:2682Third Party Advisory
- https://access.redhat.com/errata/RHSA-2017:2683Third Party Advisory
- https://access.redhat.com/errata/RHSA-2017:2704Third Party Advisory
- https://access.redhat.com/errata/RHSA-2017:2705Third Party Advisory
- https://access.redhat.com/errata/RHSA-2017:2706Third Party Advisory
- https://access.redhat.com/errata/RHSA-2017:2707Third Party Advisory
- https://access.redhat.com/errata/RHSA-2017:2731Third Party Advisory
- https://access.redhat.com/errata/RHSA-2017:2732Third Party Advisory
- https://access.redhat.com/security/vulnerabilities/blueborneThird Party Advisory
- https://github.com/torvalds/linux/commit/f2fcfcd670257236ebf2088bbdf26f6a8ef459fePatch, Third Party Advisory
- https://www.armis.com/blueborneThird Party Advisory
- https://www.exploit-db.com/exploits/42762/Exploit, Third Party Advisory, VDB Entry
- https://www.kb.cert.org/vuls/id/240311Third Party Advisory, US Government Resource
- https://www.synology.com/support/security/Synology_SA_17_52_BlueBorneThird Party Advisory
- http://nvidia.custhelp.com/app/answers/detail/a_id/4561Third Party Advisory
- http://www.debian.org/security/2017/dsa-3981Third Party Advisory
- http://www.securityfocus.com/bid/100809Patch, Third Party Advisory, VDB Entry
- http://www.securitytracker.com/id/1039373Third Party Advisory, VDB Entry
- https://access.redhat.com/errata/RHSA-2017:2679Third Party Advisory
- https://access.redhat.com/errata/RHSA-2017:2680Third Party Advisory
- https://access.redhat.com/errata/RHSA-2017:2681Third Party Advisory
- https://access.redhat.com/errata/RHSA-2017:2682Third Party Advisory
- https://access.redhat.com/errata/RHSA-2017:2683Third Party Advisory
- https://access.redhat.com/errata/RHSA-2017:2704Third Party Advisory
- https://access.redhat.com/errata/RHSA-2017:2705Third Party Advisory
- https://access.redhat.com/errata/RHSA-2017:2706Third Party Advisory
- https://access.redhat.com/errata/RHSA-2017:2707Third Party Advisory
- https://access.redhat.com/errata/RHSA-2017:2731Third Party Advisory
- https://access.redhat.com/errata/RHSA-2017:2732Third Party Advisory
- https://access.redhat.com/security/vulnerabilities/blueborneThird Party Advisory
- https://github.com/torvalds/linux/commit/f2fcfcd670257236ebf2088bbdf26f6a8ef459fePatch, Third Party Advisory
- https://www.armis.com/blueborneThird Party Advisory
- https://www.exploit-db.com/exploits/42762/Exploit, Third Party Advisory, VDB Entry
- https://www.kb.cert.org/vuls/id/240311Third Party Advisory, US Government Resource
- https://www.synology.com/support/security/Synology_SA_17_52_BlueBorneThird Party Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2017-1000251?
The native Bluetooth stack in the Linux Kernel (BlueZ), starting at the Linux kernel version 2.6.32 and up to and including 4.13.1, are vulnerable to a stack overflow vulnerability in the processing of L2CAP configuration responses resulting in Remote code execution in kernel space.
How severe is CVE-2017-1000251?
CVE-2017-1000251 has a CVSS score of 8/10 (HIGH severity). The EPSS model estimates a 16.18% probability of exploitation in the next 30 days.
How do I fix CVE-2017-1000251?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.
Are you affected by CVE-2017-1000251?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST